CRN Security News

Payment terminals that support encryption when a credit card is swiped are available and could have thwarted many of the latest breaches, say security experts, but until now most merchants have been hesitant to make the investment.

The retailer says some payment terminals began getting infected with malware possibly in April, putting attention on deploying POS systems that support chip-and-PIN payments designed to reduce the risk of fraud.

A payment processor had malware on its systems for more than a year, according to Goodwill, as third-party data security lapses continue to be a serious challenge for merchants attempting to safeguard sensitive data.

A study analyzing the activity of KorBanker, an Android banking Trojan, found evidence that attackers are gaining passwords to VPN services, two-factor authentication codes, location data and other information that can be used to infiltrate corporate networks.

The re-released security update fixes a Windows vulnerability that could be used by an attacker to elevate system privileges. The original patch had caused several problems, including the notorious Blue Screen of Death for some users.

A breach at J.P. Morgan Chase & Co. reportedly has Russian or Eastern European ties and may involve as many as four other banks. The attacks could be linked to organized cybercriminal groups, said solution providers, who told CRN that more details are needed to determine the lapses that enabled attackers to gain access to the data.